Merge commit 'e2073b0276226b625897ef475f225bf8f508719e' as 'triehash'
[apt.git] / cmdline / apt-key.in
index 81314c7f5fab1a4d94fb67afae5ed804bffae12c..0c10e59554972fc62603306daa7c4370e822096f 100644 (file)
@@ -232,6 +232,17 @@ remove_key_from_keyring() {
     done
 }
 
+accessible_file_exists() {
+   if ! test -s "$1"; then
+      return 1
+   fi
+   if test -r "$1"; then
+      return 0
+   fi
+   warn "The key(s) in the keyring $1 are ignored as the file is not readable by user '$USER' executing apt-key."
+   return 1
+}
+
 foreach_keyring_do() {
    local ACTION="$1"
    shift
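Review bot: The warning in `accessible_file_exists` takes the user name from `$USER`, which is only an environment variable and may be unset or stale, while `test -r` is decided by the effective uid of the process. `$(id -un)` in the message would name the account that actually failed the check. The two failure paths also deserve a comment above the function, for example `# Returns 0 only for a non-empty, readable file; missing or empty files fail silently, unreadable ones fail with a warning.` An unreadable keyring now simply drops out of the set of trusted keys, so this warning is presumably the only trace an operator gets when signature checks start failing.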
@@ -240,7 +251,7 @@ foreach_keyring_do() {
        $ACTION "$FORCED_KEYRING" "$@"
    else
        # otherwise all known keyrings are up for inspection
-       if [ -s "$TRUSTEDFILE" ]; then
+       if accessible_file_exists "$TRUSTEDFILE"; then
            $ACTION "$TRUSTEDFILE" "$@"
        fi
        local TRUSTEDPARTS="/etc/apt/trusted.gpg.d"
@@ -249,7 +260,7 @@ foreach_keyring_do() {
            TRUSTEDPARTS="$(readlink -f "$TRUSTEDPARTS")"
            local TRUSTEDPARTSLIST="$(cd /; find "$TRUSTEDPARTS" -mindepth 1 -maxdepth 1 -name '*.gpg')"
            for trusted in $(echo "$TRUSTEDPARTSLIST" | sort); do
-               if [ -s "$trusted" ]; then
+               if accessible_file_exists "$trusted"; then
                    $ACTION "$trusted" "$@"
                fi
            done
@@ -302,35 +313,18 @@ import_keyring_into_keyring() {
     fi
 }
 
+catfile() {
+   cat "$1" >> "$2"
+}
+
 merge_all_trusted_keyrings_into_pubring() {
     # does the same as:
     # foreach_keyring_do 'import_keys_from_keyring' "${GPGHOMEDIR}/pubring.gpg"
     # but without using gpg, just cat and find
-    local PUBRING="$(readlink -f "${GPGHOMEDIR}/pubring.gpg")"
-    # if a --keyring was given, just use this one
-    if [ -n "$FORCED_KEYRING" ]; then
-       if [ -s "$FORCED_KEYRING" ]; then
-           cp --dereference "$FORCED_KEYRING" "$PUBRING"
-       fi
-    else
-       # otherwise all known keyrings are merged
-       local TRUSTEDPARTS="/etc/apt/trusted.gpg.d"
-       eval $(apt-config shell TRUSTEDPARTS Dir::Etc::TrustedParts/d)
-       if [ -d "$TRUSTEDPARTS" ]; then
-           rm -f "$PUBRING"
-           if [ -s "$TRUSTEDFILE" ]; then
-               cat "$TRUSTEDFILE" > "$PUBRING"
-           fi
-           TRUSTEDPARTS="$(readlink -f "$TRUSTEDPARTS")"
-           (cd /; find "$TRUSTEDPARTS" -mindepth 1 -maxdepth 1 -name '*.gpg' -exec cat {} + >> "$PUBRING";)
-       elif [ -s "$TRUSTEDFILE" ]; then
-           cp --dereference "$TRUSTEDFILE" "$PUBRING"
-       fi
-    fi
-
-    if [ ! -s "$PUBRING" ]; then
-       touch "$PUBRING"
-    fi
+    local PUBRING="$(readlink -f "${GPGHOMEDIR}")/pubring.gpg"
+    rm -f "$PUBRING"
+    touch "$PUBRING"
+    foreach_keyring_do 'catfile' "$PUBRING"
 }
 
 import_keys_from_keyring() {
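Review bot: `merge_all_trusted_keyrings_into_pubring` now inherits the word-splitting loop `for trusted in $(echo "$TRUSTEDPARTSLIST" | sort)` from `foreach_keyring_do`, whereas the removed `find ... -exec cat {} +` passed file names through intact. A `*.gpg` file with whitespace in its name would be split into fragments that fail `test -s` in `accessible_file_exists`, so its keys are left out of the pubring with no warning. The forced-keyring branch also appears to lose its guard: the removed code checked `[ -s "$FORCED_KEYRING" ]`, while the context line `$ACTION "$FORCED_KEYRING" "$@"` calls `catfile` directly (the surrounding condition is outside the hunks shown). `catfile` could keep that check and report read errors, e.g. `if accessible_file_exists "$1"; then cat "$1" >> "$2" || warn "Could not read keyring $1"; fi`.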
@@ -480,8 +474,34 @@ if [ -z "$command" ]; then
 fi
 shift
 
+find_gpgv_status_fd() {
+   while [ -n "$1" ]; do
+       if [ "$1" = '--status-fd' ]; then
+               shift
+               echo "$1"
+               break
+       fi
+       shift
+   done
+}
+GPGSTATUSFD="$(find_gpgv_status_fd "$@")"
+
+warn() {
+    if [ -z "$GPGHOMEDIR" ]; then
+       echo >&2 'W:' "$@"
+    else
+       echo 'W:' "$@" > "${GPGHOMEDIR}/aptwarnings.log"
+    fi
+    if [ -n "$GPGSTATUSFD" ]; then
+       echo >&${GPGSTATUSFD} '[APTKEY:] WARNING' "$@"
+    fi
+}
+
 cleanup_gpg_home() {
     if [ -z "$GPGHOMEDIR" ]; then return; fi
+    if [ -s "$GPGHOMEDIR/aptwarnings.log" ]; then
+       cat >&2 "$GPGHOMEDIR/aptwarnings.log"
+    fi
     if command_available 'gpgconf'; then
        GNUPGHOME="${GPGHOMEDIR}" gpgconf --kill gpg-agent >/dev/null 2>&1 || true
     fi
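Review bot: `warn` writes to `${GPGHOMEDIR}/aptwarnings.log` with `>`, so each call truncates the file and only the last warning is printed by `cleanup_gpg_home`. With several unreadable keyrings the operator learns about just one of them; `echo 'W:' "$@" >> "${GPGHOMEDIR}/aptwarnings.log"` keeps them all. `GPGSTATUSFD` is also taken verbatim from the argument after `--status-fd` and used in `>&${GPGSTATUSFD}`, where a non-numeric or empty value becomes a redirection error or a file target depending on the shell. A guard after the assignment, such as `case "$GPGSTATUSFD" in ''|*[!0-9]*) GPGSTATUSFD='' ;; esac`, would restrict it to a descriptor number. The scan in `find_gpgv_status_fd` stops at the first empty argument and does not recognise a `--status-fd=N` spelling, which is worth a comment there; `cleanup_gpg_home` continues outside the hunk.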